From e053170d3ff6b8a8365ea60a44fd144dbb8a1738 Mon Sep 17 00:00:00 2001 From: richard Date: Sat, 20 Oct 2001 11:58:48 +0000 Subject: [PATCH] Catch errors in login - no username or password supplied. Fixed editing of password (Password property type) thanks Roch'e Compaan. git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@312 57a73879-2fb5-44c3-a270-3262357dd7e2 --- CHANGES.txt | 2 ++ roundup-admin | 9 +++++++-- roundup/cgi_client.py | 12 ++++++++++-- roundup/password.py | 21 +++++++++++++++++---- 4 files changed, 36 insertions(+), 8 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index 4a61eca..a87beea 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -13,6 +13,8 @@ Fixed: . CGI interface wasn't handling checkboxes at all. . Fixed quopri usage in mailgw from bug reports on mailing list. . Remove the "freshen" command from the roundup-admin tool. + . Catch errors in login - no username or password supplied. + . Fixed editing of password (Password property type) thanks Roch'e Compaan. 2001-10-11 - 0.3.0 pre 2 Fixed: diff --git a/roundup-admin b/roundup-admin index 9014bc7..ff200d0 100755 --- a/roundup-admin +++ b/roundup-admin @@ -16,7 +16,7 @@ # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # -# $Id: roundup-admin,v 1.34 2001-10-18 02:16:42 richard Exp $ +# $Id: roundup-admin,v 1.35 2001-10-20 11:58:48 richard Exp $ import sys if int(sys.version[0]) < 2: @@ -159,7 +159,7 @@ Command help: print 'Back ends:', ', '.join(backends) - def do_init(instance_home, args): + def do_init(self, instance_home, args): '''Usage: init [template [backend [admin password]]] Initialise a new Roundup instance. @@ -671,6 +671,11 @@ if __name__ == '__main__': # # $Log: not supported by cvs2svn $ +# Revision 1.34 2001/10/18 02:16:42 richard +# Oops, committed the admin script with the wierd #! line. +# Also, made the thing into a class to reduce parameter passing. +# Nuked the leading whitespace from the help __doc__ displays too. +# # Revision 1.33 2001/10/17 23:13:19 richard # Did a fair bit of work on the admin tool. Now has an extra command "table" # which displays node information in a tabular format. Also fixed import and diff --git a/roundup/cgi_client.py b/roundup/cgi_client.py index d35cfa5..21af9a2 100644 --- a/roundup/cgi_client.py +++ b/roundup/cgi_client.py @@ -15,7 +15,7 @@ # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # -# $Id: cgi_client.py,v 1.33 2001-10-17 00:18:41 richard Exp $ +# $Id: cgi_client.py,v 1.34 2001-10-20 11:58:48 richard Exp $ import os, cgi, pprint, StringIO, urlparse, re, traceback, mimetypes import base64, Cookie, time @@ -492,8 +492,13 @@ class Client: ''') def login_action(self, message=None): + if not self.form.has_key('__login_name'): + return self.login(message='Username required') self.user = self.form['__login_name'].value - password = self.form['__login_password'].value + if self.form.has_key('__login_password'): + password = self.form['__login_password'].value + else: + password = '' # make sure the user exists try: uid = self.db.user.lookup(self.user) @@ -771,6 +776,9 @@ def parsePropsFromForm(db, cl, form, nodeid=0): # # $Log: not supported by cvs2svn $ +# Revision 1.33 2001/10/17 00:18:41 richard +# Manually constructing cookie headers now. +# # Revision 1.32 2001/10/16 03:36:21 richard # CGI interface wasn't handling checkboxes at all. # diff --git a/roundup/password.py b/roundup/password.py index 335a7a8..9ae02c6 100644 --- a/roundup/password.py +++ b/roundup/password.py @@ -15,7 +15,7 @@ # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # -# $Id: password.py,v 1.2 2001-10-09 23:58:10 richard Exp $ +# $Id: password.py,v 1.3 2001-10-20 11:58:48 richard Exp $ import sha, re @@ -82,11 +82,18 @@ class Password: '''Sets encrypts plaintext.''' self.password = encodePassword(plaintext, self.scheme) - def __cmp__(self, plaintext): - '''Compare this password against the plaintext.''' + def __cmp__(self, other): + '''Compare this password against another password.''' + # check to see if we're comparing instances + if isinstance(other, Password): + if self.scheme != other.scheme: + return + return cmp(self.password, other.password) + + # assume password is plaintext if self.password is None: raise ValueError, 'Password not set' - return cmp(self.password, encodePassword(plaintext, self.scheme)) + return cmp(self.password, encodePassword(other, self.scheme)) def __str__(self): '''Stringify the encrypted password for database storage.''' @@ -106,6 +113,12 @@ if __name__ == '__main__': # # $Log: not supported by cvs2svn $ +# Revision 1.2 2001/10/09 23:58:10 richard +# Moved the data stringification up into the hyperdb.Class class' get, set +# and create methods. This means that the data is also stringified for the +# journal call, and removes duplication of code from the backends. The +# backend code now only sees strings. +# # Revision 1.1 2001/10/09 07:25:59 richard # Added the Password property type. See "pydoc roundup.password" for # implementation details. Have updated some of the documentation too. -- 2.30.2